A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to inject HTML content.
This vulnerability is due to improper validation of user-supplied data in element fields. An attacker could exploit this vulnerability by submitting malicious content within requests and persuading a user to view a page that contains injected content. A successful exploit could allow the attacker to modify pages within the web-based management interface, possibly leading to further browser-based attacks against users of the application.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:40
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-html-3ZKh8d6x - Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
04 Oct 2023, 01:53
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-html-3ZKh8d6x - Vendor Advisory | |
| CWE | CWE-79 | |
| CPE | cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:* | |
| First Time |
Cisco sd-wan Vmanage
Cisco |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
27 Sep 2023, 18:31
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-09-27 18:15
Updated : 2024-11-21 07:40
NVD link : CVE-2023-20179
Mitre link : CVE-2023-20179
CVE.ORG link : CVE-2023-20179
JSON object : View
Products Affected
cisco
- sd-wan_vmanage